Application No. 10/613,159 Docket No.: 9896-000001 /US 

Amendment dated September 25, 2007 
After Final Office Action of July 26, 2007 

REMARKS 

Claims 1-5 are now pending in the application. Claims 1, 2, and 4 are currently 
amended. No new matter has been added as support for the amendments may be 
found throughout the specification, claims, and drawings as originally filed. The 
Examiner is respectfully requested to reconsider and withdraw the rejections in view of 
the amendments and remarks contained herein. 

Rejection Under 35 U.S.C. §102 and §103 

Claims 1 stands rejected under 35 U.S.C. § 102(b) as being anticipated by Cisco 
(bM^ww.cisco.com^ 
copyright 1998, Cisco systems. 

Claims 2-5 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Cisco ( http://www.cisco.com/uinvercd/cc/td/doc/product/software/ios1 12/intercpt.htm ). 
These rejections are respectfully traversed. 

Applicant respectfully submits that Cisco undoubtedly only puts forward a generic 
solution for avoiding TCP SYN flood attacks and fails to teach or suggest specific 
technical features, e.g., zero window size and non-zero window size, to achieve the 
solution. 

Since the technical features of zero window size and non-zero window size in 
claim 1 are not taught or suggested in the cited art, Applicant respectfully submits that 
the cited art fails to anticipate, teach, or suggest combining the zero window size and 
non-zero window size with the scheme of avoiding TCP SYN flood attacks in claim 1 of 
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the present invention, and Applicant believes that claim 1 of the present invention is not 
obvious to one skilled in the related art. As is known by one skilled in the art, the zero 
window size and non-zero window size are generally used in the following scenario. 
When a client continuously sends data packets to a server which does not possess 
sufficient memory to process the received data packets from the client. The server will 
send a packet with zero window size to the client to inform the client not to forward data 
packets to the server for a time period. When the server has sufficient memory to 
process data packets again, the server will send another data packet with non-zero 
window size to the client to inform the client to start transmission to the server again. 

Applicant respectfully traverses the finding in the outstanding Office Action with 
reference to claim 2. The examiner asserts that such use of zero window size is well 
known in the art for the motivation of minimizing the traffic between unauthorized client 
and the firewall. In claim 1, zero window size and non-zero window size is used for 
avoiding the firewall located between client and server becomes a bottle-neck in the 
communication. For example, when the TCP connection between client and server has 
not yet been established and the speed at which the client sends data packets to the 
server is too fast. If no measure is adopted to inform the client to stop sending data 
packets, substantial amounts of memory will be consumed, and the firewall located 
between client and server will become a bottle-neck. 

In view of above, claim 1 is directed to utilizing the zero window size and non- 
zero window size to avoid TCP SYN flood attacks. The firewall uses a data packet with 
zero window size to inform a client to not send data packets before receiving a TCP 
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SYN acknowledgement package from the client, and uses a data packet with non-zero 
window size to inform a client to send data packets after receiving a TCP SYN response 
package from the server. The prior art fails to anticipate, teach or suggest this element. 

Applicant further respectfully traverses the Examiner's assertion regarding flood 
attacks. If the window size is anything other than zero, the flood would work and the 
service will be denied. In accordance with the generic solution put forward by Cisco, 
which fails to mention use of zero window size and non-zero window size, the following 
two methods can be used to avoid the TCP SYN flood attacks instead of using the zero 
window size. 

Situation 1: When the TCP connection between client and server has not been 
established yet and speed at which the client sends packets to the server is too fast, the 
firewall located between the client and server may buffer the received data packets from 
the clients, which will consume the memory of the firewall. 

Situation 2: When the TCP connection between client and server has not been 
established yet and speed at which the client sends packets to the server is too fast, the 
firewall located between the client and server may discard the received packets which 
the firewall cannot process. Thus, only after a predetermined time will the client re- 
transfer the packets which have been discarded by the firewall. This will adversely 
impact the speed acceptance by the users. 

The claimed zero window size and non-zero window size addresses these 
issues. At the same time, after the TCP connection between client and server has been 
established, the firewall located between the client and server may instantly send a 
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packet with non-zero window size to inform the client to start sending packets, which 
may enhance data transmission, improve users' experience and lower memory 
consumption of the firewall. 

In view of the foregoing, Applicant respectfully submits that Cisco does not teach 
nor suggest the claim 1. Likewise, because claims 2-5 depend from claim 1, Applicant 
respectfully submits that claims 1-5 defines over the art cited by the Examiner. Thus, 
Applicant respectfully requests withdrawal of the rejections under 35 U.S.C. §102 and 
§103. 

Conclusion 

It is believed that all of the stated grounds of rejection have been properly 
traversed, accommodated, or rendered moot. Applicant therefore respectfully requests 
that the Examiner reconsider and withdraw all presently outstanding rejections. It is 
believed that a full and complete response has been made to the outstanding Office 
Action and the present application is in condition for allowance. Thus, prompt and 
favorable consideration of this amendment is respectfully requested. If the Examiner 
believes that personal communication will expedite prosecution of this application, the 
Examiner is invited to telephone the undersigned at (248) 641-1600. 



9 



JML/kk 



Application No. 10/613,159 
Amendment dated September 25, 2007 
After Final Office Action of July 26, 2007 



Docket No.: 9896-000001 /US 



Applicant believes no fee is due with this response. However, if a fee is due, 
please charge our Deposit Account No. 08-0750, under Order No. 9896-000001 /US 
from which the undersigned is authorized to draw. 



Dated: September 25, 2007 Respectfully submitted, 

By /Joseph M. Lafata/ 

Joseph M. Lafata 

Registration No.: 37,166 

HARNESS, DICKEY & PIERCE, P.L.C. 

P.O. Box 828 

Bloomfield Hills, Michigan 48303 

(248)641-1223 

Attorney for Applicant 
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